In the 90s, network management was mostly about whats up or down and bandwidth shortages and slowness were often addressed by bringing in bigger connections with more bandwidth or upgrading servers and end systems. Overtime, we have realized that by gaining a bit of insight into the traffic patterns, we can sometimes avoid costly upgrades.

“companies that manage application performance have fewer complaints from end users and, faster time to repair application issues.    They also can build applications that are easier to use and require fewer IT resources to support.”
Jeffrey Hill – Aberdeen Group

Determining a “why is it so slow” issue may involve one or more of the following:

  • Is it caused by bandwidth contention
  • Is it the end system resources?
  • Is the server overwhelmed

As pointed out by Jeffrey Hill, monitoring application performance can lead to a faster MTTR (mean time to repair) and ultimately result in happier end users.  The benefits are obvious but, how can we troubleshoot application slowness using NetFlow or IPFIX?

Traditionally, Cisco NetFlow Technology has been used to export details on connections with a primary focus on bytes transferred. With this in mind, NetFlow and IPFIX collection has been very useful for determining:

  • The amount of connections to a server
  • The ports it was communicating on
  • The total amount of bytes to and from the server

Loaded with the above information, we could often deduce the source of a latency problem however, there are plenty of troubleshoots where the above simply doesn’t provide enough insight on performance (i.e. network performance). With the emerging cloud computing technology, monitoring cloud services for performance issues is clearly going to be a concern.

The nProbe was the first NetFlow probe or IPFIX solution to export details on latency specific to end systems, servers and applications.  Next came Cisco Performance Monitoring for Medianets and at about the same time Sonicwall IPFIX exports were releasing similar information.  Most recently Citrix AppFlow has joined the list.  Not only do these vendors provide latency details on TCP connections, many also provide insight for VoIP traffic monitoring. Details include jitter, packet loss, codec, caller id and more.

Application Performance with NetFlow

Since NetFlow v5, the technology has included the subnet prefix which enables NetFlow and IPFIX reporting tools to empower network administrators to view network performance issues by subnet.  This is all after filtering down to see only the targeted data inclusive of specific interfaces or even URLs specific to cloud services. Yes, all with NetFlow or IPFIX.

NetFlow and IPFIX have come a long way to aid in network traffic analysis.  Make sure your NetFlow solution can take traffic analysis to another level by including details on network connection latency.




Paul Dube

Paul Dube is the Director of Technical Services at Plixer. He has a passion for enabling individuals and organizations to use highly complex systems to solve business and personal objectives. This passion for problem solving has Paul working with some of the largest enterprises to solve their security and networking challenges and also educating his young daughters on how to enrich their lives with technology. When he's not working, you will find him enjoying time with his family, cooking something delicious on the Big Green Egg, and enjoying the best brews that the locals have to offer.


Big Data

Sankey Flow Graph

One of the greatest benefits of NetFlow collection for traffic analysis, is we’re provided with the ability to visualize the…

Leave a Reply